We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Virus Scanning in the Firewall

  • Last updated on
The Barracuda NG Firewall scans incoming traffic for malware on a per access rule basis when AV scanning in the firewall is enabled. If a user downloads a file containing malware, the Barracuda NG Firewall detects and discards the infected file and redirects the user to a warning page. You can combine virus scanning with SSL Interception to also scan SSL encrypted connections.


In this article:

Before You Begin

Step 1. Enable the Virus Scanner Service

Ensure that the Virus Scanner service is enabled.

  1. Open the Service Properties page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > Virus-Scanner).
  2. Click Lock.
  3. From the Enable Service list, select yes .
  4. Click Send Changes and Activate.

Step 2. Configure an AV Engine

Select and configure a Virus Scanner engine. You can use Avira and ClamAV either separately or together.

Using both AV engines significantly increases CPU utilization and load.

  1. Open the Virus Scanner Settings page (Config > Full Config > Box > Virtual Server > your virtual server > Assigned Services > Virus-Scanner).
  2. Click Lock.
  3. Enable the virus scanner engines of your choice:
    • Enable the Avira AV engine by selecting Yes from the Enable Avira Engine list.
    • Enable the ClamAV engine by selecting Yes from the Enable ClamAV list.
  4. Click Send Changes and Activate.

Step 3. Enable SSL Interception and AV Scanning in the Firewall

If you want to scan files that are transmitted over a SSL-encrypted connection, enable SSL Interception and virus scanning in the firewall.

  1. Open the Security Policy page (Config > Full Config > Box > Virtual Server > your virtual server > Assigned Services > Firewall).
  2. Click Lock.
  3. Select the Enable SSL Interception check box.
  4. Upload your root CA certificate or create a self-signed Root Certificate.
  5. (Optional) Click the plus sign (+) in the Trusted Root Certificates section to add additional root certificates. 
  6. In the Virus Scanner Configuration section, select the Enable Virus Scanning in the firewall check box.
  7. In the Scanned MIME types list, add the MIME types of the files that you want the AV scanner to scan.

    The default <factory-default-mime-types> includes the most important MIME file types.

























  8. (optional) Change the Action if Virus Scanner is unavailable.

  9. (optional) Click on Advanced:

    • Large File Policy – The large file policy is set to a sensible value for your appliance. The maximum value is 4096MB.
    • Data Trickling Settings – Change how fast and how much data is transmitted. Change these settings if your browser times out while waiting for the file to be scanned.
  10. Click Send Changes and Activate.

Step 4. Enable the AV Scanner in the Firewall Rules

You can enable AV scanning for every Pass firewall rule.

  1. Open the Forwarding Rules page (Config > Full Config > Box > Virtual Server > your virtual server > Assigned Services > Firewall).
  2. Click Lock.
  3. Open the settings for the firewall rule that you want to enable AV scanning for.
  4. Click the Application Policy link.
  5. Select the Application Control and AV Scan check boxes.
  6. If you want to scan SSL encrypted traffic, select the SSL Interception check box.
  7. Click OK.
  8. Click Send Changes and Activate.

Monitoring and Testing

  • Test the AV scan setup by downloading EICAR test files from http://www.eicar.com. You then receive the following block page:
  • To monitor detected viruses and malware, go to the Firewall > Threat Scan page.

Next Steps

To combine ATP with virus scanning, see Advanced Threat Protection (ATP).

Last updated on